Cyren Antivirus configured actions not being followed and other issues
Question asked by Matthew Bramble - December 3 at 1:15 AM
Unanswered
I'm trying to evaluate Cyren Antivirus.  At first it seemed that there might not be a good way to evaluate the product as the actions for a virus result were Delete, Move to Junk Email Folder, and Add Text to Subject.  I was hoping that I could capture these in Quarantine.

I set the actions for a Virus Result and High Result to Move to Junk Email Folder, and the Medium Result to Add Text to Subject and I specified the subject.

Now I find that the Quarantine has a bunch of files in it fro Cyren hits, a spot check found none of these in the customer's Junk Mail folders or tagged in the subject.  The Delivery log shows that these were quarantined.  I cannot determine what might have been a Virus, High or Medium result, but it seems that unless these were forwarded off the server, they were all captured in quarantine.  Log snippets are as follow:

DELIVERY LOG
-------------------------
[2018.12.02] 20:49:43 [72121] Delivery started for chintan@geminief.com at 8:49:43 PM
[2018.12.02] 20:49:49 [72121] Added to SpamCheckQueue (1 queued; 0/50 processing)
[2018.12.02] 20:49:49 [72121] This message has been quarantined because a virus was found.
[2018.12.02] 20:49:49 [72121] Removed from SpamCheckQueue (0 queued or processing)
[2018.12.02] 20:49:52 [72121] .eml file not found.  Removing .hdr file.
[2018.12.02] 20:49:52 [72121] Delivery finished for chintan@geminief.com at 8:49:52 PM    [id:17372121]

CYREN LOG
-------------------------
20:49:49 Reading Message from Stream...
20:49:49 Scanning Message: 72121
20:49:49 Sent Result(72121:Confirmed|Virus) back to server


So I have three questions/requests/observations:

1) Instead of listing the action as "Delete", change it to "Quarantine" since that is what it does.
2) Cyren Antivirus doesn't seem to have started functioning until I performed a reboot of the server.
3) Fix the actions so that they are actually followed.  Maybe changing them required a restart of a service???
4) Could you specify in a response what these three results are logged as?  I've figured out that Virus means Virus, but I do not know what to search the Cyren log for to identify a High and Medium result.

Thanks,

Matt

Reply to Thread